Vulnerabilities > CVE-2020-8961 - Unspecified vulnerability in Avira Free Antivirus

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

avira

critical

NVD

Published: 2020-04-09

Updated: 2021-07-21

Summary

An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific location, and pass this event to the driver, thereby defeating the anti-virus functionality.

Vulnerable Configurations

Part	Description	Count
Application	Avira Avira Free Antivirus 15.0.1907.1514 Avira Free Antivirus 15.0.1909.1591 Avira Free Antivirus 15.0.1911.1648 Avira Free Antivirus 15.0.1911.1660 Avira Free Antivirus 15.0.1912.1683 Avira Free Antivirus 15.0.2002.1755	6

References

https://support.avira.com/hc/en-us/articles/360000109798-Avira-Antivirus-for-Windows